Saturday, June 9, 2012

At my last job, I was an IT consultant for a five-year period of time. In that period, I averaged 150+ nights/year in Marriott hotels (earned a lot of hotel points, Hertz points, airline points, etc.) all over the US and Europe. My boss owned my schedule Monday to Friday and my wife owned my schedule on weekends. Between those two individuals and Google calendar, I never really had need to keep track of my time. My only worry was getting to the electronically-scheduled appointments on time. Absent my eCalendars and the readout on my cell phone, I really had no firm clue of what time or day it was (beyond knowing "it must be M-F since I'm on the road" or "it must be the weekend since I'm home").

I don't think my mind has ever recovered from this. Even now, rolling up on three years since leaving that job, if it ain't on my calendar or I don't have my phone, I don't really know when it is (whatever "it" is).

All of this is prelude/background to why I didn't specifically remember when I spent six weeks - a non-trivial chunk of time - in Memphis. I'd sorta always thought it was 2007. Turns out it was 2008. The only reason I know that it was 2008 was that Flo Rida's _Low_ was all over the goddamned radio in Memphis (and the particular Hertz outlet I was renting from didn't have XM in the cars they were renting me).

I should have remembered it was 2008 because it was shortly after spending six weeks eating lots of barbecue and fried-food in Memphis that I ended up hospitalized with pancreatitis (not related: that was medically-induced because of a toxic reaction to Topamax - a medicine I was on, at the time, for my epilepsy).

You'd think the pain that led to the hospitalization would have been an adequate time-marker for when the Memphis trip happened. But, for as freakishly detailed and complete as my memory tends to be, my memories are ordered more in relation to each other than they are to a date on a calendar (*shrug*).

Incidentally, the only reason I know that Low came out in 2008 is because I just got done looking at Flo Rida's Wikipedia entry. And, the reason I was looking at that was because one of his more recent songs was featured in the promotional soundtrack of a Disney movie I'd Stumbled, earlier. I found the video to that song (which led me to Wikipedia) because I'd liked the song in the Disney promo and had punched in "song from wreck it ralph trailer" into Google.

So, this week LinkedIn, eHarmony and Last.FM all had their user password databases hacked. I was potentially affected by the first and by the last. Being married and not overly a fan of eHarmony's working-model, at any rate, I'm not a member of their site.

It used to annoy me when web sites forced you to log in with your registered email address rather than your userid. To be honest, I've come to the point where I'd rather they only allowed you to use your email address as your login token. It raises the bar on brute-forcing your account, that way. Not only does an attacker need to guess your password (and I'm generally a fan of four-class pass-phrases), they need to guess your email address, as well (and email addresses tend to be much longer than userids, at any rate).

Granted, if attackers have breached an entire site via the back-end and dumped out the entire user list, they have access to your email address. And, if you use the same email address and password-pair across multiple sites, you're still fairly boned. Fortunately, that's not the case for me. I use unique addresses for each site I register with. So, just because the LinkedIn and Last.FM attackers have my authentication credentials to those two sites, they don't have my credentials to other sites - even if I happened to use the password component across more than one site.

Overall, one of the easiest ways to create unique email addresses is to do a "+TOKEN" email address. Sites like Gmail support adding a "+token" to your base email address and still have resultant emails delivered to the base address. As an additional bonus, you can set up delivery-rules to automatically process such emails based on the original target address. Unfortunately, many of the websites I visit consider "ferricoxide+TOKEN@gmail.com" to be an invalid email address. This is just about as annoying as websites that limit me on the password string-length and on the characters I can use. C'mon, guys, this is 2012, not 1992. It's a different security environment out there and you should be doing everything you can to foster good security habits in your users - not hamstring them (this goes double for banks who seem to be the worst offenders with regard to forcing poor userid and password policies).
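As an added example (not part of the original post), this Python sketch puts a constructed over-strict validation pattern of the kind that rejects "+TOKEN" addresses beside a corrected one, and adds helpers for building per-site addresses and recovering the token for delivery rules. The patterns, function names and example.com addresses are assumptions made for illustration.

```python
import re

# Over-strict pattern (constructed for illustration, not from any real site):
# the local part allows only letters, digits, ".", "_" and "-", so "+" fails.
STRICT = re.compile(r"^[A-Za-z0-9._-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")

# Corrected pattern: dot-separated atoms of RFC 5322 "atext" characters,
# which include "+". Quoted local parts are deliberately not handled.
ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
PERMISSIVE = re.compile(
    rf"^{ATEXT}(?:\.{ATEXT})*@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+$"
)


def accepts(pattern, address):
    """True when the whole address matches the given validation pattern."""
    return pattern.fullmatch(address) is not None


def site_address(base, site):
    """Build a per-site address of the form local+token@domain."""
    local, domain = base.rsplit("@", 1)
    token = re.sub(r"[^a-z0-9]", "", site.lower())  # "Last.FM" -> "lastfm"
    return f"{local}+{token}@{domain}"


def split_tag(address):
    """Return (base_address, token); token is None when there is no +tag."""
    local, domain = address.rsplit("@", 1)
    name, sep, token = local.partition("+")
    return f"{name}@{domain}", (token if sep else None)


def folder_for(recipient, default="inbox"):
    """Delivery rule: file mail by the token it was addressed to."""
    _, token = split_tag(recipient)
    return f"sites/{token}" if token else default


if __name__ == "__main__":
    # Constructed sample data.
    base = "alice@example.com"
    for site in ("LinkedIn", "Last.FM"):
        addr = site_address(base, site)
        print(addr, "strict:", accepts(STRICT, addr),
              "corrected:", accepts(PERMISSIVE, addr),
              "->", folder_for(addr))
```

Mail arriving at a tagged address that was only ever given to one site also tells you which registration the address came from.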

Tuesday, June 5, 2012

I'll start by admitting that I don't understand the point of award shows. To be honest, I don't understand much of what I see in my online viewing guide. Maybe that's colored by the fact that, when I was a kid, there were like three channels (ABC, CBS and NBC) - four if you counted PBS. There just wasn't a lot of available air-time to put genuine garbage on the air, let alone niche-appeal garbage.

Award shows, in general, always just struck me as self-congratulatory wanking by entertainment industry X. That said, most of the award shows were about subjects that had wide enough appeal that I could at least sort of understand how a national audience might be interested in watching. The same can't be said for the Tony Awards. I mean, from a wide viewership standpoint, how many people (that don't live in the NYC area) actually see Broadway shows more than once or twice in a lifetime? I understand there's a decent amount of cross-over between more widely-popular entertainment mediums and Broadway. I also understand that some of the really successful shows have road versions of their shows - widening the audience of people that can see a show. But, all that aside, how many people that are both consumers of Broadway and Broadway-style productions are there out there and, more importantly, how many of them are interested in watching a self-congratulatory wank-fest? It just doesn't seem like there'd be enough to soak up an hour or more worth of prime advertising time. I guess that's why it's aired during summer repeats season though - it's the only way it can come even marginally close to having enough of an audience to draw advertising dollars.